Easy Contact WordPress Plugin version 0.1.2 suffers from cross site scripting and abuse of functionality vulnerabilities.
1544b4216f123c8bbdf99ebbf0b989fcf2771ba92534dd056c8e5a7e620347f6
Hello list!
I want to warn you about Insufficient Anti-automation, Abuse of
Functionality and Cross-Site Scripting vulnerabilities in plugin Easy
Contact for WordPress.
-------------------------
Affected products:
-------------------------
Vulnerable are Easy Contact 0.1.2 and previous versions.
----------
Details:
----------
Insufficient Anti-automation (WASC-21):
Lack of captcha at contact page allows to send automated messages
(particularly spam) to admin of the site. Captcha is turned off by default
and the type of text captcha Challenge Question is not reliable, because
the value is fixed.
Abuse of Functionality (WASC-42):
At contact page it's possible to send spam via function Carbon Copy (Email
yourself a copy). Which is turned on by default and leads to that it's
possible to send spam via the site as to admin, as to arbitrary emails.
And with using of Insufficient Anti-automation vulnerability it's possible
to send automatically spam from the site on a large scale.
Exploit:
http://websecurity.com.ua/uploads/2011/Easy%20Contact%20Abuse%20of%20Functionality.html
XSS (WASC-08):
Exploits:
http://websecurity.com.ua/uploads/2011/Easy%20Contact%20XSS.html
http://websecurity.com.ua/uploads/2011/Easy%20Contact%20XSS-2.html
http://websecurity.com.ua/uploads/2011/Easy%20Contact%20XSS-3.html
http://websecurity.com.ua/uploads/2011/Easy%20Contact%20XSS-4.html
------------
Timeline:
------------
2011.04.01 - announced at my site.
2011.04.03 - informed developers.
2011.05.20 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/5055/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua